Lucene search

[email protected]CVE-2017-16945

HistoryJan 31, 2018 - 8:29 p.m.

CVE-2017-16945

2018-01-3120:29:00

CWE-732

[email protected]

web.nvd.nist.gov

arq

mac

local users

root privileges

crafted restore path

cve-2017-16945

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.

Affected configurations

NVD

Node

haystacksoftwarearqRange≤5.10

AND

applemacosMatch-

CPENameOperatorVersion
haystacksoftware:arqhaystacksoftware arqle5.10

CPE	Name	Operator	Version
haystacksoftware:arq	haystacksoftware arq	le	5.10

References

packetstormsecurity.com/files/146159/Arq-5.10-Local-Privilege-Escalation.html

m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html

www.exploit-db.com/exploits/43926/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for CVE-2017-16945

cvelist1 packetstorm1 nvd1 zdt1 prion1